Financial sector sees data breaches soar: Verizon

By IBT Staff Reporter On 04/16/09 AT 7:56 PM

There were more electronic security breaches last year than in the previous four years put together and the financial sector suffered the biggest rise in attacks from hackers looking for big stashes of consumer data, according to a report from Verizon Communications.

The retail sector was still the most often targeted by hackers, accounting for a third of all cases, but the sharpest rise was in financial services, which doubled its share of attacks to 30 percent of the total, Verizon said.

Citing cases handled by its business security unit, Verizon said the financial sector held 93 percent of the 285 million individual records, such as account personal identification numbers (PIN), that were compromised in hacks last year.

Wade Baker, a research executive for Verizon Business Security Solutions said data thieves who sell records on the black market are focusing more on bigger institutions, which are often more complicated to hack but hold lots of records.

In 2008 the criminals have really done something different, Baker said. Instead of hitting small one-off shops for small hauls of data we saw them targeting large companies with a great deal of data.

For example hackers are turning increasingly to companies such as banks, credit card companies and other firms that process transactions from multiple merchants as it yields more data than individual restaurants or stores would, he said.

Sophisticated data security attacks represented only 17 percent of electronic record break-ins last year, but Verizon said that these relatively few cases caused 95 percent of the total record breaches it investigated.

Bigger companies might be expected to have more resources to protect their data but, Verizon argued that sometimes a company's size can exacerbate the room for error.

The bigger the company the more machines they have to manage. The bigger they are, the chances are they've forgotten to do something. It's much easier to find holes rather than plug holes, Baker said.

This means that companies need processes to make sure their security policies are actually being followed, Baker said.

Verizon said it found that nearly 90 percent of the electronic break-ins in its report could have been prevented if security basics had been followed and most could have been avoided without difficult or expensive controls.